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Abstract —This paper contains two results on timed extensions 
of pushdown automata (PDA). As our first result we prove that 
the model of dense-timed PDA of Abdulla et al. collapses: it is 
expressively equivalent to dense-timed PDA with timeless stack. 
Motivated by this result, we advocate the framework of first- 
order definable PDA, a specialization of PDA in sets with atoms, 
as the right setting to define and investigate timed extensions of 
PDA. The general model obtained in this way is luring complete. 
As our second result we prove NEXPTIME upper complexity 
bound for the non-emptiness problem for an expressive subclass. 
As a byproduct, we obtain a tight EXPTIME complexity bound 
for a more restrictive subclass of PDA with timeless stack, thus 
subsuming the complexity bound known for dense-timed PDA. 

I. Introduction 

Background. Timed automata (Tj| are a popular model 
of time-dependent behavior. A timed automaton is a finite 
automaton extended with a finite number of variables, called 
clocks, that can be reset and tested for inequalities with inte¬ 
gers; so equipped, a timed automaton can read timed words, 
whose letters are labeled with real (or rational) timestamps. 
The value of a clock implicitly increases with the elapse of 
time, which is modeled by monotonically increasing time- 
stamps of input letters. 

In this paper, we investigate timed automata extended with 
a stack. An early model extending timed automata with 
an untimed stack, which we call pushdown timed automata 
(PDTA), has been considered by Bouajjani et al. |2}. Intu¬ 
itively, PDTA recognize timed languages that can be obtained 
by extending an untimed context-free language with regular 
timing constraints. A more expressive model, called recursive 
timed automata (RTA), has been independently proposed (in 
an essentially equivalent form) by Trivedi and Wojtczak J3|, 
and by Benerecetti et al. |4j. RTA use a timed stack to store the 
current clock valuation, which can be restored at the time of 
pop. This facility makes RTA able to recognize timed language 
with non-regular timing constraints (unlike PDTA). 

More recently, dense-timed pushdown automata (dtPDA) 
have been proposed by Abdulla et al. [5] as yet another 
extension of PDTA. In dtPDA, a clock may be pushed on the 
stack, and its value increases with the elapse of time, exactly 
like the value of an ordinary clock. When popped from the 
stack, the value may be tested for inequalities with integers. 
The non-emptiness problem for dtPDA is solved in 0 by 
an ingenious reduction to non-emptiness of classical untimed 
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PDA. As a byproduct, this shows that the untiming projection 
of dtPDA-language is context-free. Perhaps surprisingly, we 
prove the semantic collapse of dtPDA to PDTA, i.e., dtPDA 
with timeless stack but timed control locations: every dtPDA 
may be effectively transformed into a PDTA that recognizes 
the same timed language. Notice that this is much stronger 
than a mere reduction of the non-emptiness problem from the 
former to the latter model. Intuitively, the collapse is caused 
by the accidental interference of the LIFO stack discipline 
with the monotonicity of time, combined with the restrictions 
on stack operations assumed in dtPDA. Thus, dtPDA are 
equivalent to PDTA, and therefore included in RTA. The 
collapse motivates the quest for a more expressive framework 
for timed extensions of PDA. 

Timed register pushdown automata. We advocate sets 
with atoms as the right setting for defining and investigating 
timed extensions of various classes of automata. This setting is 
parametrized by a logical structure A, called atoms. Intuitively 
speaking, sets with atoms are very much like classical sets, 
but the notion of finiteness is relaxed to orbit-finiteness, i.e., 
finiteness up to an automorphism of atoms A. The relaxation 
of finiteness allows to capture naturally various infinite-state 
models. For instance, ignoring some inessential details, regis¬ 
ter automata |6i] (recognizing data languages) are expressively 
equivalent to the reinterpretation of the classical definition 
of ‘finite NFA’ as ‘orbit-finite NFA’ in sets with equality 
atoms (N, =) (see 0 for details), and analogously for register 
pushdown automata 0 . 

Along similar lines, timed automata (without stack) are 
essentially a subclass of NFA in sets with timed atoms 
(Q, <,+l), i.e., rationals with the natural order and the +1 
function (see (9j for details). The automorphisms of timed 
atoms are thus monotonic bijections from Q to Q that preserve 
integer differences. In fact, to capture timed automata it is 
enough to work in a well-behaved subclass of sets with timed 
atoms, namely in (first-order) definable sets. Examples of 
definable sets are 

A = {(x,y,z)£ Q 3 : x < y < z + 1 < x + 4} 

A' = {(x,y)e Q 2 : x = y V y>x + 2}. 

The first one is orbit-finite, while the other is not. 

By reinterpreting the classical definition of PDA in definable 
sets we obtain a powerful model, which we call timed register 
PDA (trPDA), where, roughly speaking, a clock (or even a 
tuple of clocks) may be pushed to, and popped from the stack, 
conditioned by arbitrary clock constraints referring possibly 



Fig. 1: Classes of timed pushdown languages. 


to other clocks. Notice that monotonicity is not part of the 
definition of timed atoms, and thus in general trPDA read non¬ 
monotonic timed words, unlike classical timed automata or 
dense-timed PDA. This is not a restriction, since monotonicity 
can be checked by the automaton itself, and thus we can model 
monotonic as well as non-monotonic timed languages. An 
example language recognized by a trPDA (or even by trCFG) 
is the language of palindromes over the alphabet A defined 
above. Another example is the language of bracket expressions 
over the alphabet {[, ]} xQ, where the timestamps of every pair 
of matching brackets belong to A 1 . These languages intuitively 
require a timed stack in order to be recognized, and thus fall 
outside the class of dtPDA due to our collapse result. 

Contributions. In view of possible applications to verifi¬ 
cation of time-dependent recursive programs, we focus on 
the computational complexity of the non-emptiness problem 
for trPDA. We isolate several interesting classes of trPDA, 
which are summarized in Fig. |T| All intersections are non¬ 
trivial. Our model subsume dtPDA, for the simple reason 
that the finite-state control is essentially a timed-register NFA, 
which subsumes timed automata, i.e., the finite-state control 
of dtPDA. For the general model we prove undecidability of 
non-emptiness. This motivates us to distinguish an expressive 
subclass, which we call orbit-finite trPDA, which is obtained 
from the general model by imposing a certain orbit-finiteness 
restriction on push and pop operations. We show that non¬ 
emptiness of orbit-finite trPDA is in NExpTime. This is 
shown by reduction to non-emptiness of the least solution 
of a system of equations over sets of integers (cf. m and 
references therein). This reduction is the technical core of the 
paper. Moreover, it shows the essentially quantitative flavor of 
the dense time domain (Q, <, +1) as opposed to other kind of 
atoms, like equality (N, =) or total-order atoms (Q, <). Note 
that (M, <, +1) has the same first-order theory of the rationals, 
and thus considering the latter instead of the reals is with no 
loss of generality. Interestingly, our proofs work just as well 
over the discrete time domain (Z, <, +1). 

In order to establish the claimed complexity upper bound, 
we establish, along the way, tight complexity results for solv¬ 
ing systems of equations in special form. From this analysis, 
we derive ExpTime-completeness of the subclass of trPDA 


with timeless stack. Due to our collapse result, under a simple 
technical assumption that preserves non-emptiness, dtPDA can 
be effectively transformed into trPDA with timeless stack, and 
thus we subsume the ExpTime upper bound shown in (5|. 

Finally, we consider the reinterpretation of context-free 
grammars in sets with timed atoms. We prove that timed 
context-free languages are a strict subclass of trPDA lan¬ 
guages, and that their non-emptiness is ExpTime-complete. 

Except for the technical results, the paper offers a wider 
perspective on modeling timed systems. We claim that sets 
with atoms have a significant and still unexplored potential for 
capturing timed extensions of classical models of computation. 

Organization. In Sec. [II] we show the collapse result for 
dtPDA. In Sec. [HI] we introduce the setting of definable sets. 
Then, in Sec.|IV|we define trPDA and its subclasses, formulate 
our complexity results, and relate in detail these results to 
the previously known ExpTime-completeness of dtPDA. The 
following Sec. [V] is the core technical part of the paper and it 
is devoted to the proofs of the upper bounds. The last section 
contains final remarks and sketch of future work. The missing 
parts of the proofs are delegated to the appendix. 

II. Dense-timed pushdown automata 

As the first result of the paper, we show that dtPDA as 
proposed by @ recognize the same timed languages as its 
variant with timeless stack. This result is much stronger than 
the reduction proposed in [5j, which shows that dtPDA and 
its variant with timeless stack are equivalent w.r.t. the untimed 
language (as opposed to the full timed language). In fact, we 
even prove this for a non-trivial generalization of the model 
of |5| with diagonal pop constraints (cf. below). In view of 
our collapse result, we abuse terminology and we also call 
the extended model dtPDA. A clock constraint over a set of 
clocks X is a formula p generated by the following grammar: 

p ::= t | x ~ k | x — y ~ k \ p A p, 

where t is the trivial constraint which is always true, x, y £ X, 
k £ Z, and ~ £ {<, <, >, >}. We do not have disjunction V 
since it can be simulated by nondeterminism in the transition 
relation of the automaton. We write y — x ~ k £ p to denote 
that y — x ~ k is a conjunct in p. A dense-timed pushdown 
automaton (dtPDA) is a tuple T = ( L, Iq, E, T, X, z, A) where 
L is a finite set of control locations, Iq £ L is the initial 
location, S is a finite input alphabet, F is a finite stack 
alphabet, A is a finite set of clocks, and z is a special clock not 
in X representing the age of the topmost stack symbol. The 
last item A is a set of transition rules of the form: l a 'fi^ op p 
with 1,1' £ L control locations, a £ E e = E U {e} an input 
letter, p a constraint over clocks in X, a subset Y C X of 
clocks that will be reset, and op is either nop, pop(a \= i/jq), or 
push(a \= ipi), where a £ T a stack symbol, i/jq a constraint 
over clocks in X U {z} (called pop constraint ) and t/q a 
constraint over {z} (called push constraint). An automaton 
has timeless stack if all its pop operations pop(a \= t) have 
the trivial constraint t, in which case just write pop(a). 
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push (a) corresponding tlme 

pop(a |= ip) 

Fig. 2: Reset restriction on x when z — x < k £ ip. 
push(a) f, no reset of x P°P( a ) 


push(/3) ^ no reset pop(/3) 

of x 

Fig. 3: Current reset restrictions always subsume new ones. 


The formal semantics of dtPDA follows (5), and can be 
found in the appendix. Intuitively, every symbol on the stack 
carries a nonnegative rational number representing its age. 
Ages increase monotonically as time elapses, all at the same 
rate, and at the same rate as the other clocks of the automaton. 
Every time a new symbol is pushed on the stack, its age is 
nondeterministically initialized to a value of z satisfying the 
push constraint ipi, and it can be popped only if its current 
age satisfies the constraint ipQ. Note that the push constraint ipi 
essentially forces the initial age into a (possibly unbounded) 
interval. The original definition of @ imposed the same 
restriction on pop constraints. Our definition of pop constraint 
is more liberal, since we allow more general diagonal pop 
constraints of the form z — x ~ k. Despite this seemingly 
more general definition, we show nonetheless that the stack 
can be made timeless while preserving the timed language 
recognized by the automaton. 

Theorem II. 1. A dtPDA T can be effectively transformed into 
a dtPDA U with timeless stack recognizing the same timed 
language. Moreover, IA has linearly many clocks w.r.t. T, and 
exponentially many control locations. 

Proof (sketch): 

We explain here the basic idea of the transformation. The 
formal construction can be found in the appendix. W.l.o.g. we 
assume that: 1) Pop constraints are conjunctions of formulae 
of the form z — x ~ k, 2) transition rules involving a push or 
pop operation never reset clocks, and 3) the initial age of stack 
symbols pushed on the stack is always 0. These assumptions 
will simplify the construction; we show in the appendix how 
an automaton can be modified in order to satisfy them. The 
intuition is that a pop constraint of the form z — x<k with < 
£ {<, <} implies that clock x cannot be reset after k (possibly 
negative) time units of the push and before the corresponding 
pop. We call this a reset restriction ; cf. Fig. [2] We call a pop 
constraint z — x < k active if it has been guessed to hold at 
the time of a future pop. To keep track of reset restrictions. 
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push (a) corresponding tlme 

pop(a |= ip) 

Fig. 4: Reset obligation on x when z — x > k £ ip. 


we carry in the control state a set R of tuples of the form 
(x, <, k) for every active pop constraint. An extra clock x< k 
which is reset at time of push is used to check x< k < k 
whenever x is reset in order to guarantee that x is not reset 
too late. If k < 0, then we need to additionally check that x 
was not reset within the last — k time units, which amounts to 
check x > — k at the time of push. The crucial observation is 
that, if a new reset restriction (x,<,k) arises for an already 
active constraint, then we can safely ignore it since it is always 
subsumed by the current one. In other words, whenever the 
old restriction is satisfied, so is the new one, which is thus 
redundant; cf. Fig. [3] 

The situation for a pop constraint of the form z — x > k 
with >£ {>, >} is dual, since it requires that clock x is reset 
after at least k (possibly negative) time units of the push and 
before its corresponding pop. We call this a reset obligation ; 
cf. Fig. [4] We keep track of a set O of tuples (x, >, k) for every 
active pop constraint z — x>k, meaning that clock x must be 
reset before the next pop. When x is reset after k time units 
of the push, we remove (x, >, k) from O. To verify the latter 
condition, we use an additional clock x> k which is reset at the 
time of push, and we check that x> k > k holds. A new reset 
obligation with k < 0 is discarded if —x > k already holds at 
the time of push. A pop is allowed only if O is empty, i.e., all 
reset obligations have been satisfied. The crucial observation 
is that a new reset obligation (x,>,k) always subsumes one 
already in O, in the sense that, whenever the former is satisfied, 
so it is the latter; cf. Fig. [5] Thus, previous obligations are 
always discarded in favor of new ones (this is dual w.r.t. reset 
restrictions). When there is a new push, we have to additionally 
guess whether obligations in O not subsumed by new ones will 
be satisfied either before the matching pop, or after it. In the 
first case they are kept in O, while in the second case they 
are pushed on the stack in order to be put back into O at the 
matching pop. ■ 

The construction uses £-transitions, which simplifies substan¬ 
tially the encoding. A more complex construction not using e- 
transitions can be given, and thus the collapse holds even for e- 
free dtPDA. We don’t know whether diagonal push constraints 
make the model more expressive, and, in particular, whether 
the stack can be untimed in this case. (This potentially more 
general model would still be subsumed by our orbit-finite 
trPDA from Sec. [fWB]) 















push(a) k reset x pop(a) 


push(/3) k reset x pop( J 5) 

Fig. 5: New reset obligations always subsume current ones. 

III. Definable sets and relations 

In order to go beyond the recognizing power of dtPDA, 
we define automata that use timed registers instead of clocks. 
While a clock stores the difference between the current time 
and the time of its last reset, a timed register stores an absolute 
timestamp. Unlike ordinary clocks, timed registers are suitable 
for the modeling of non-monotonic time, and, even in the 
monotonic setting, they are more expressive since they can 
be manipulated with greater freedom than clocks. While in 
the semantics of clocks diagonal and non-diagonal constraints 
are inter-reducible HD> in the setting of timed registers only 
diagonal constraints are meaningful. Consequently, we drop 
non-diagonal constraints of the form x ~ k, and we redefine 
the notion of constraint, by which we mean a positive boolean 
combination of formulas x — y ~ k, where x, y are variables, 
k £ Z, and ~ £ {<, <, >, >}. We use = and jk as syntactic 
sugar. Constraints are expressively equivalent to the quantifier- 
free language of the structure (Q, <, +1), for instance 

(x + 1 < y + 1 A y < x) V ~<(x < (y + 1) + 1) 

can be rewritten as a constraint x = y V x — y > 2. For 
complexity estimations we assume that the integer constants 
are encoded in binary. 

A constraint p over variables xi,... ,x n defines a subset 
[p\ 5= Q n , assuming an implicit order on variables; n is called 
the dimension of p, or dinn^. In the sequel, we use disjoint 
unions of sets defined by constraints, and we call these sets 
definable sets. Formally, a definable set is an indexed set 

X = {X^l, (1) 

where L is a finite index set and for every l £ L, the set X/ = 
\pi\ is defined by a constraint. (L, {pi}i^l) is a constraint 
representation of the set 4D- When convenient we identify X 
with the disjoint union 

l+J X U (2) 

IGL 

and write (l,v) £ X instead of v £ Xi. The automata in this 
paper will have definable state spaces. An index l £ L may 
be understood as a control location, and a tuple v £ Q ra may 
be understood as a valuation of n registers (hence variables 
may be understood as register names). Under this intuition, ipi 
is an invariant that constraints register valuations in a control 
location l. Similarly, an alphabet letter will contain an element 
of a finite set L, and a tuple v £ Q" conforming to a constraint. 

We do not assume that all component sets [pi] have the 

same dimension (in particular, the number of registers may 
vary from one control location to another). Observe that when 


all dimensions are 0, the set 0 is a finite set of the same 
cardinality as the indexing set L. Those sets, as well their 
elements, we call timeless', the elements which are not timeless 
we call timed. When describing concrete definable sets we will 
omit the formal indexing; for instance, we will write 

{l,l',l"} W Q 2 or {l,l',l"} U {k}xQ 2 

for a set consisting of Q 2 and three other elements. 

Along the same lines we define definable (binary) relations. 
For two definable sets X = {X{\ l£L and Y = {Y k } kGK , a 
definable relation R C X x Y is an indexed set 

R = {R(l,k)}(l,k)eLxK, ( 3 ) 

where the indexing set is the Cartesian product L x K and 
every set R(i, k ) is defined by a constraint satisfying R(i, k ) 

Xi x Y k ; in particular, dim/fy fc ) = dim Xj + dim Y k . 

Transition relations of automata will be definable relations 
in the sequel. The relation R(i, k ) is a constraint on a transition 
from a control location l to another control location k: it 
prescribes how a valuation of registers in l before the transition 
may relate to a valuation of registers in k after the transition. 

Likewise one defines relations of greater arities. Thus a 
constraint representation of an n-ary definable relation consists 
of n finite index sets L \,..., L n , and formulas 

fur (/i,...,( n ) £ L\ x ... x L n . 

Note that the number of indexes (Zi,..., l n ) may be exponen¬ 
tial in n. When such a relation is input to an algorithm, the 
presentation is allowed to omit those formulas which define 
the empty set, i.e., [ptu = 0. 

Remark: Constraints are as expressive as first-order logic of 
(Q, <, +1): similarly like a constraint, a first-order formula ip 
with free variables x±,... ,x n defines the subset [p] C Q ra , and 
may be effectively transformed into an equivalent constraint 
ip, namely one satisfying [p] = [ip\. 

A. Orbit-finite sets 

The setting of definable sets is a natural specialisation of 
the more general setting of sets with timed atoms (Q, <, +1). 
A time automorphism, i.e., an automorphism of timed atoms 
(Q, <,+l), is a monotonic bijection n : Q —>• Q preserving 
integer distances, i.e., 7 r(x+fc) = 7r(x)+fc for every k £ Z. We 
consider only sets invariant under time automorphism, which 
are called equivariant sefrQ In general, equivariant sets are 
infinite unions of orbits, where the orbit of an element e is 

orbit(e) = {tie : 7r time automorphism}. 

We restrict our attention to orbit-finite sets, which are those 
equivariant sets that decompose into a. finite union of orbits. 

A time automorphism 7 r acts on any element e by renaming 
all time values t £ Q appearing in e, but leaves the other 

’For well-behaved atoms, like equality atoms, finitely supported sets can 
be considered. In case of timed atoms, we restrict ourself to equivariant sets, 
i.e., those which are supported by the empty set. 








structure of e intact. For instance, it distributes on tuples and 
disjoint unions: 

7r(fi,...,f n ) = (7r(fi),...,7r(f n )) 
n({l,v)) = {l, tt(v)). 

Thus components X {s of a definable set are preserved by time 
automorphisms, and independently partition into orbits. 

As an example, the orbit of (2,3.3,—1.7) is the set 
{(x,y,x') £ Q 3 } 1 < y — x < 2 A y — x' = 5. The set Q 
has only one orbit (i.e., orbit(a;) = Q for every x £ Q), but 
the set Q 2 is already orbit-infinite, its orbits being of the form 

{(x,y) : x — y = z} or {(x,y) : z<x-y<z+l} 

for every integer z £ Z. Orbits in Q n are definable by 
constraints; we call these constraints minimal as they define the 
inclusion-minimal nonempty equivariant subsets of Q ra . Con¬ 
sequently, every orbit-finite subset of Q n is definable. Further, 
every definable set is equivariant. On the other hand not every 
equivariant subset of Q n is definable (e.g., the equivariant set 
{(x,y) : x — y is a prime number}), and not every definable 
subset is orbit-finite, due to the orbit-infiniteness of Q n 

In the sequel whenever we consider an orbit-finite set, we 
implicitly assume that it is a disjoint union of subsets of Q", 
n > 0, and therefore definable. 

Define the span of a tuple v £ Q n with n > 0 as max v — 
min v, the difference between the maximal and the minimal 
value in v, and for n = 0, let the span be 0 by convention. 

Lemma III.l. An equivariant subset X C Q n is orbit-finite 
if, and only if, it has uniformly bounded span, i.e., it admits a 
common bound on the spans of all its elements. 

For an orbit O Cl, we will make the notational difference 
between the orbit of e, when O = orbit(e) with e £ X, and 
an orbit in X, when O £ orbit(X) := {orbit(e) | e £ X}. 

B. Normal form 

We prove that every definable set can be transformed into a 
convenient normal form, which is like the classical partitioning 
into regions but without restricting to non-negative rationals. 

We say that a tuple v £ Q d admits a gap g £ Q, g > 0, 
if the set of rationals appearing in v can be split into two 
non-empty sets L, R C Q such that 

max(L) + g = min(f?). 

Let a g-extension of v be any tuple in Q d obtained from v by 
adding a positive rational h to all elements of R appearing in 
v, regardless of the choice of sets L and R. (Subtracting h 
from all elements of L would be equivalent for our purposes 
as the sets we consider are closed under translations.) 

Note that if v admits an integer gap k then all other tuples 
in orbit(u) also do. If this is the case for some k £ Z, let the 
/.-extension of an orbit O C Q d be the closure of O under k- 
extensions, i.e., the smallest set containing O that contains all 
fc-extensions of all its elements. We will build on the specific 
weakness of constraints: a fixed constraint can not distinguish 
an orbit O from its /.-extension when k is sufficiently large. 


An extension (i.e., a /c-extension for some integer /::) of 
an orbit O is a definable set. Indeed, a defining constraint 
is obtained from the minimal constraint <p defining O by 
syntactically replacing certain equalities = with inequalities 
< (call this constraint extension of ip). For instance, consider 

p(x,y,z,w) = 0<y — x<l A z — y = 7 A w — z = 7; 

its 7-extension is 0 < y — x <1 A z — y < 7 A w — z < 7. 

Lemma III.2 (Normal Form Lemma). Every definable set 
X decomposes into a finite union of orbits OCX and 
of extensions of orbits O C X. A decomposition can be 
effectively computed in ExpTime. 

For orbit-finite X, the lemma yields an effective enumeration 
of orbits in X, since extensions of orbits, being orbit-infinite, 
do not appear in the decomposition of X: 

Corollary III.3. A decomposition of an orbit-finite definable 
set X into orbits is computable in ExpTime. 

Example III.l. Consider the following set X = 
{(x,y,z) £ Q 3 | 0 < y — x < 1 A z — y > 3}. One possible 
decomposition of X consists of orbits in X that do not 
admit a gap larger than 4, and of 4-extensions of all orbits 
that admit a gap 4, for instance the 4-extension of the orbit 
{{x,y,z) £ Q 3 : 0 < y - a: < 1 A z-y = 4f. 

Thanks to the Normal Form Lemma, we define the normal 
form of constraints, i.e., disjunction of minimal constraints 
and extensions thereof. In the sequel we assume whenever 
convenient that the constraint representations of definable 
sets are already in normal form. The exponential blowup 
introduced by this transformation will combine well with the 
polynomial complexity w.r.t. the normal form representations, 
thus yielding the exponential time overall complexity. 

A relevant property of normal form sets is that they admit 
easy computation of projections: 

Lemma III.4 (Projection Lemma). Given a definable set X C 
in normal form, its projection onto a subset of coordinates 
{1... d}, in normal form, is computable in polynomial time. 

Indeed, projection distributes over disjunction, and projection 
of a minimal constraint, or of extension thereof, is computed 
essentially by elimination of variables. 

IV. Timed register pushdown automata 

We define a new model of timed PDA by reinterpreting 
the standard presentation of PDA in the setting of definable 
sets. Our approach generalized the approach of |9j where NFA 
were considered. Classical PDA can be defined in a number 
of equivalent ways. In the setting of this paper, the choice of 
definition will be critical for tractability. In the most general 
variant, a PDA A consists of a finite input alphabet A, a finite 
set of states Q, initial and final states /, F C Q, a finite stack 
alphabet S, and a finite set of transition rules 

p C (Q x S*) x A e x (Q x S*), 


where A e = A U {s}. The semantics of a PDA is defined 
as usual. A transition rule (q, v, a, q', v') £ p describes a 
transition which reads input a, changes state from q to q', 
pops a sequence of symbols v from the stack and replaces 
it by v' . Formally, the transitions of a PDA are between 
configurations c, c' £ Q x S *, and (q, v, a, q 1 , v') £ p induces 
a transition c —► d if c = (q,vw) and d = ( q',v'w ) for 
some w £ S*. Similarly, one defines unlabeled transitions 
c —► d, the reachability relation c —>* d , runs, accepting 
runs (runs starting in a state from I with empty stack, and 
ending in a state from F with arbitrary stack), and the language 
L(A) C A* accepted by a PDA A. 

We reinterpret the definition of PDA by dropping the 
finiteness of the components. Instead, we require Q,A,S,I 
and F to be orbit-finite (and, thus, definable), and the relation p 
to be definable. The dimension of a PDA is the maximal 
dimension of its states Q. These orbit-finiteness requirements 
are necessary to obtain a model with decidable emptiness, 
since it has been shown in j9| that having orbit-infinite states 
leads to undecidability already in NFA. Since Q is orbit-finite. 


by Lemma III. 1 there exists a uniform bound on the span of 
every vector in Q. 

Note that p, being definable, is necessarily a subset of 


p C (Q x S- n ) x A e x (Q x S^ m ), 

„ ^ T\T ...1 _ ci<n a I I o . I o2 . 


(4) 


for some n, m £ N, where S- n = Sq U S U S 2 U ... U S n 
where Sq = {e}. The generalized model we call timed register 
PDA (trPDA). Most importantly, the semantics of trPDA is 
defined exactly as the semantics of classical PDA. We assume 
acceptance by final state. This is expressively equivalent to 
acceptance by empty stack, or by final state and empty stack. 

By the size of a trPDA we mean the size of its constraint 
representation, i.e., the sum of sizes of all defining constraints, 
where we assume that integer constants are encoded in binary. 

As already in the case of NFA, also for PDA imposing an 
orbit-finiteness restriction on p would be too restrictive, in the 
sense that the model would recognize a strictly smaller class of 


timed languages than with unrestricted p. Example IV. 1 illus¬ 


trates this, and shows the interaction between timed symbols 
in the stack, state, and input. 


Example IV.l. Consider the input alphabet A = \<p\, where 
tp{x,y) = x < y < x + 4, and the language L 
of even-length monotonic palindromes over A, i.e., L = 
{(ui,Vi)... {u 2n ,v 2 n) € A* \ u x < ... < u n and (Ui,Vi) = 
( Uj,Vj) for every 1 < i < 2 n and j = 2n + 1 — i}. A trPDA 
recognizing this language has state space of dimension 1 (i.e., 
1 register) Q = {z} l±J{1} x Ql±){2, /}, with i and / the initial 
and final states, respectively. The stack alphabet S = A L+J {_L} 
extends the input alphabet by the symbol _L. There are three 
groups of e-transition rules, namely 


((1, t), e, e, 2, e), (2, _L,£,/,£), 


for any t £ Q, used to initiate the first half, to change to the 
second half, and to finalize the second half of a computation 
of an automaton. In state (l,f) the automaton pushes an input 


letter (u, v) to the stack, while checking for monotonicity t < 
u, as described by the transition rules, for t < u, 

((1, £), £, (u,v), (l,u), (u,v)) £ Q x S° x A x Q x S. 

Finally, in state 2 the automaton pops a symbol (it, v) from 
the stack, while checking for equality with the input letter, as 
described by the transition rules: 

(2, (u,v),(u,v),2,e) £ Q x S x A x Q x S°. 

Observe that we can not require the set p of transition rules 
to be orbit finite. Indeed, this would impose a bound on the 
span of tuples in p, in particular on the difference u — t, in 
the push transition rules, and therefore also on the differences 
itj+i — Ui between consecutive input letters. 

The non-emptiness problem asks whether the language 
recognised by a given trPDA is non-empty. We observe that 
the problem is undecidable for general trPDA. 

Theorem IV.l. Non-emptiness of trPDA is undecidable. 


The undecidability of the general model motivates us to 
consider several restrictions of trPDA for which we can show 
decidability of the non-emptiness problem. We consider timed 
register context-free grammars in Sec. IV-A orbit-finite trPDA 
in Sec. |IV-B| and trPDA with timeless stack in Sec. |IV-C| 


A. Timed register context-free grammars 

Context-free grammars are PDA with one state where each 
transition pops exactly one symbol off the stack. A timed reg¬ 
ister context-free grammar (trCFG) Q consists of the following 
items: an orbit-finite set S of symbols, a starting symbol I £ S 
which is initially pushed on the stack, an orbit-finite input 
alphabet A, and a definable set of productions 


p C Sxi £ xS*. 


Acceptance is by empty stack, i.e., when all symbols are 
popped off the stack. We call languages recognized by trCFG 
timed register context-free languages. 

Example IV.2. Let A = Q, and consider the 

language L of timed palindromes of even length, i.e., 
L = {xi ■ ■ ■ x 2n £ Q* I V(1 < i < n) ■ Xi = x 2n _. l+ i\. This 
language can be recognized by a trCFG with symbols 
S = {l}l±){2}xQ and productions of the form p = 
{(l,z, 1 • (2,y)), (1, x, (2,2/)), ((2, x),y, e) \ x, y £ Q ■ x = y}. 
We will see later that this language cannot be accepted by 
trPDA with timeless stack. 


Define the untiming of a word a x .. .a n £ A* over 
an orbit-finite alphabet A as its projection to orbits 
orbit(ai).. .orbit(a n ) £ £*, where £ = orbits(A). Untiming 
naturally extends to languages. In the lemma below we show 
that the untiming of a language of trCFG is context-free. 


This contrasts with languages of trPDA; cf. Example IV.3 
Therefore, trCFG are weaker than general trPDA. 


Lemma IV.2. The un timing of a timed register context-free 
language is effectively context-free. 










Theorem IV.3. Non-emptiness problem of trCFG is 
ExpT im e-complete. 


B. Orbit-finite timed register PDA 

We have seen that restricting trPDA to grammars yields 
a decidable model. In this section, we investigate another 
natural restriction of trPDA with decidable non-emptiness. A 
transition rule (q,v,a,q',v') £ p splits naturally into its left- 
hand side (lhs) ( q , v) £ Q x S* and its right-hand side (rhs) 
(g', v') £ Q x S*. Let orbit-finite trPDA be the subclass of 
trPDA where the projections of p to both Ihs’s and rhs’s, i.e., 
the following two sets 


{(<7j v ) | 3 a,q',v'. {q,v,a,q',v') £ p} 
{(</, v') | 3 q, v , a. (q, v, a, q', v') £ p} , 


are orbit-finite. By Lemma III. 1 1 this means that both lhs’s and 
rhs’s have uniformly bounded span. We still do not require the 
whole relation p to be orbit-finite. 

As long as the recognized language is considered, orbit- 
finite trPDA may be transformed into a convenient short form, 
with the transition rules split into 


p = PUSH U POP, 

PUSH C QxA e xQxS, (5) 

pop C Q x S x A e x Q 

(thus one of lhs, rhs is a single state from Q , and the other is 
a pair from Q x S) where the two sets 


{(9', s') | 3 q,a. PUSH (q,a,q',s')} 
{(g,s) | 3 q,a. POP (q,s,a,q')} 


are orbit-finite. This short form easily enables the simulation 
of transition rules of the form NOP (q,a,q') £ Q x A e x Q 
that do not operate on stack, by a push followed by a pop. 
The trPDA in Example |IV. 1 1 is in short form. 

Lemma IV.4. An orbit-finite trPDA can be transformed into a 
language-equivalent trPDA in short form 0 of polynomially 
larger size. 

Thus, from now on we always conveniently assume that an 
orbit-finite trPDA is given in short form. According to the 
following example, untiming of the language of an orbit-finite 
trPDA needs not be context-free. 


Example IV.3. Consider the language L of palindromes over 
the timeless alphabet A = {a, 6} containing the same number 
of a’s and V s. L can be recognized by a trPDA of dimension 
1 with state space Q = {*} l±) {1,2} xQ l±l {/} and stack 
alphabet S = {a, b} l±l {_L} x Q. as follows. At the beginning, 
a rational t £ Q is guessed and (_L,i) is immediately pushed 
to the stack according to the transition rules: 

(i, £, (1, t), (J_, f)) € Q x {e} x Q x S, for t £ Q. 

Palindromicity of L is checked by pushing timeless sym¬ 
bols a, b on the stack in the first half of the computation, 
and by popping and matching them during the second half. 


Additionally, the value stored in the state is increased at 
each occurrence of a, and decreased at each occurrence of 
b, according to the transition rules: 


/ ((1 5 t),a, (1, f + 1), a), 
1 ( 1 , * — 1 ), 6 ) 
/ ((2, t),a, a, (2, t + 1)), 
\ ((2, f), b, b, (2,t — 1)) 


t £ Q j C Q x A x Q x S 
t € Q 1 C Q x S x A x Q 


At the end of the computation, it remains to check that the 
number of a’s equals the number of b’s. After the last timeless 
symbol is popped off the stack, on the bottom thereof we 
have (_L,i) where t is the original value stored there at the 
beginning of the computation. It suffices to pop this timed 
symbol with a transition rule: 


((2,f), {±,t),e,f) £ Q x S x {e} x Q, for t £ Q, 


which checks equality with the value stored in the state. 

As our second main result, we prove decidability of non¬ 
emptiness for orbit-finite trPDA: 

Theorem IV.5. Non-emptiness of orbit-finite trPDA is in 
NExpTime. 

Recall that we assume that integer constants appearing in 
constraint representation of a trPDA are encoded in binary. 
We prove the theorem in Sec. [V] by reducing non-emptiness 
of trPDA to non-emptiness of systems of equations over set 
of integers. 


C. trPDA with timeless stack 

To obtain a better complexity upper-bound, and for compar¬ 
ison with previous work, we identify the subclass of trPDA 
where the stack alphabet is timeless (i.e., finite). We call 
this subclass trPDA with timeless stack , which corresponds 
precisely to timed-register automata |9) augmented with a 
timeless stack (in the spirit of j2]|). Observe that this is a 
subclass of orbit-finite trPDA, by the following observation: 

Proposition IV.6. Cartesian product of an orbit-finite set and 
a timeless one is orbit-finite. 


Thus, lhs and rhs are orbit-finite if Q is orbit-finite and S is 
timeless. This class is weaker than orbit-finite trPDA. Indeed, 
the automaton recognizing language L described in Exam¬ 
ple IV.3 is orbit-finite. On the other hand L is not recognized 
by a trPDA with timeless stack, due to the following: 


Lemma IV.7. Untiming of the language of trPDA with time¬ 
less stack is effectively context-free. 

Proof (sketch).: Replace the state space Q by the set 
of orbits of Q (similarly to the region construction), and 
consider transitions between orbits, labelled with orbits of the 
input alphabet A, defined existentially. This operation does not 
preserve the timed language L recognized by the automaton 
in general, but it does preserve reachability properties, and 
in particular the untiming projection of L. Since the stack is 
timeless, no special care is needed to handle it. ■ 








Languages of trPDA with timeless stack are thus a strict 
subclass of those of orbit-finite trPDA, even over finite al¬ 
phabets. Moreover, languages of trCFG are incomparable with 
languages of trPDA with timeless stack. An example of trCFG 
language which is not recognized by trPDA with timeless stack 
is the language of timed palindromes from Example |IV.2| This 
language clearly cannot be recognized with a timeless stack 
since it requires to remember unboundedly many possibly 
different timestamps. For the other inclusion, the example 
below shows a language recognized by a trPDA with timeless 
stack but not recognized by a trCFG. 

Example IV.4. Take A = {c} x Q l±) {a, b}, and consider the 
language 

L = { (c, x) w (c, y) | w palindrome over {a, b} , y — x = |w|} . 

L can be recognized by a trPDA with timeless stack which 
stores x in a register, and then uses the untimed stack to 
check that w is a palindrome and incrementing the register 
at every letter. Finally, it checks that y equals the value of 
the register. It can be shown that L cannot be recognized 
by a trCFG by a standard pumping argument. Intuitively, a 
sufficiently long word s £ L can be split into s = uvwxy s.t. 
at least one of v and x is non-empty, and, for every i > 0, 

Si := uv l wx l y £ L. Since s has only two timestamps (at 
the beginning and at the end), pumping cannot involve them. 
Thus, v and x are substrings of the palindrome w, and pumping 
necessarily changes its length, which contradicts Si £ L. 

As our last main result, we derive a tight upper complexity 
bound for trPDA with timeless stack. 

Theorem IV.8. Non-emptiness for trPDA with timeless stack 
is ExpTim e-complete. 

Remark: It follows from the proof that non-emptiness of 
automata in normal form is decidable in time polynomial in 
its size and exponential in its dimension. 

D. dtPDA as trPDA with timeless stack 

Our definition of trPDA differs from dtPDA |j5) in the same 
way as timed register automata of |9]| differ from classical 
timed automata 0- The first difference is semantic: dtPDA 
(like timed automata) recognize timed languages where each 
input symbol carries only a single time-stamp. In this sense, 
they correspond to trPDA with a 1 -dimensional input alphabet. 

Moreover, languages of trPDA are closed under translations 
x H>■ x + t, for t £ Q, while languages of dtPDA are not. In 
order to fairly compare the two models, we assume (along 
the lines of 0 ) that a dtPDA starts its computation with 
uninitialized clocks , instead of all clocks initialized with 0. 
This is not a restriction since a dtPDA T can be faithfully 
simulated by a dtPDA with uninitialized clocks T' ■ For 
instance, as the first step, T' may initialize all its clocks with 
the timestamp of the first input letter (a, t) and then proceed 
as T, and thus L(T') = Ut S Q, a es( a ’ (L(T) + t). This 
transformation clearly preserves non-emptiness. 


Lemma IV.9. A dtPDA with uninitialized clocks and timeless 
stack T can be effectively transformed into a language- 
equivalent normal form trPDA A with timeless stack. If T 
has n clocks then the dimension of A is n + 1 and its size is 
exponential in n. 


We sketch the construction. By definition, dtPDA ac¬ 
cept monotonic words, while languages recognized by 1- 
dimensional trPDA are non-monotonic in general. Notice that 
monotonicity of input can be enforced by a trPDA by adding 
an additional special register xq in every control state, to 
store the timestamp of the last input, and by intersecting the 
transition rules with the additional constraint xq < x' 0 relating 
the values of the special register before and after a transition. 

The most substantial difference is that dtPDA use clocks , 
while trPDA use registers. A dtPDA has clocks which can be 
reset and can be compared to an integer constant x ~ k, or, 
in the case of diagonal constraints, a difference of clocks is 
compared to an integer constant x — y ~ k. A trPDA can 
simulate a dtPDA by having one register x for each clock 
x. A reset of x is simulated by assigning the current input 
timestamp t to x\ a constraint x ~ k is simulated by Xq — x ~ 
k (where Xq is the special register discussed above), and a 
diagonal constraint x — y~k is simulated by y — x ~ k. (The 
ages for timed stack symbols could be treated similarly. This 
step is unnecessary for dtPDA with timeless stack.) 

To obtain a trPDA we need to ensure that the set of states 
is orbit-finite. This is done as follows. Let m be the maximal 
absolute value of a constant in any constraint of a dtPDA. 
We perform the classical region constmction of the dtPDA, 
and take regions as control locations of the trPDA. In every 
control location, the defining constraint is the intersection of 
the region with the constraint f\ xGX 0 — x o ~ x < m, 
which makes the set of states orbit-finite. Additionally in 
every region, those registers that correspond to unbounded 
clocks are projected away. This is correct as the truth value 
of transitions constraints involving unbounded clocks does not 
depend on further elapse of time. This completes the sketch 
of the construction claimed in Lemma HV.9I 

By Theorem |II. 1[ we can remove time from the stack of 
a dtPDA with a single exponential blowup in the number 
of control locations (w.r.t. the size of pop constraints), and 


a linear increase in the number of clocks. By Lemma IV.9 


we obtain a trPDA with a further exponential blowup in the 
number of control locations (w.r.t. number of clocks). Notice 
that the two blowups compose to a single exponential blowup, 
as summed up in the following corollary: 


Corollary IV.10. A dtPDA with uninitialized clocks can be 
effectively transformed into a language-equivalent normal 
form trPDA with timeless stack of exponential size (w.r.t. pop 
constraints and clocks) and linear dimension. 


In turn, the blowups in the last corollary and in The- 
IV.8 1 compose again to a single exponential blowup. 


Therefore Theorem |IV.8| yields the ExpTime upper-bound for 
dtPDA and thus strengthens the ExpTime upper bound of |5j. 












V. Upper bounds 

We prove the upper bounds of Theorems |IV.5| and |IV.8| 

A. Equations over sets of integers 

We consider systems of equations, interpreted over sets of 
integers, of the following form 

Xi = u 


x n 


t 


n? 


one for each variable Xi, where right-hand side expressions 
use variables X\... X n appearing in left hand sides, 
constants {— 1}, {0}, {1}, union U, intersection t D {0} with 
the constant {0}, and element-wise addition of sets of integers, 
X + Y = {x + y : x £ X and y £ Y}. Note that the use 
of intersection is assumed to be very limited; for systems of 
equations with unrestricted intersection (e.g., X D Y), the non¬ 
emptiness problems is undecidable fl2|. 

A solution v of a system of equations assigns to every vari¬ 
able X a set v{X) C Z of integers. We are only interested in 
the least solution. Note that intersection and addition distribute 
over union, in the sense that (foUfi)Df 2 = (fonf 2 )U(fiDf 2 ), 
and {to U fi) T f 2 = (to + £ 2 ) U {t\ + tf). Thus, as long as 
the least solution is considered, a system of equations may be 
equivalently presented by a set of inclusions X D t, where 
t does not use union, with the proviso that many inclusions 
may apply to the same left-hand side variable X. 


Example V.l. For instance, the set of all integers is the least 
solution for Z below; we can also succinctly represent large 
constants m £ Z as the least solution {m} for Z =m : 

2 { 0 } 

12 Z m + Z m 
12 Z m + Z m + {1}. 

Infinite intervals of the form Z <m = (—00 ,m) and Z >m = 
(m, 00 ) are easily expressible as the least solutions of Z <m 
and Z >m in 

Z< m 22 Z—( m _ 1 ) Z >m D 

Z<rn 12 Z <m + { — 1} Z >m D Z >m + {1} 

We will use these definitions later in this section. 


Z 2 { 0 } 
z D {1,-1}+ Z 


^=o 

Z=2m 

Z=2m+1 


By introducing additional auxiliary variables, one may eas¬ 
ily transform the inclusions into the following binary form: 

X 22 {k} X D un{0} X D Y + Z, (6) 

where k is —1,0 or 1. For future reference we distinguish a 
subclass of intersection-free systems of equations which use 
no intersection. All equations in the previous Example | V. 1 1 are 
of this form. 

The non-emptiness problem asks, for a given system A 
of equations and a variable X therein, whether the least 
solution v of A assigns to A a non-empty set of integers. The 
membership problem asks, given an additional integer k £ Z 
(coded in binary), whether k £ v{X). 


Lemma V.l. The non-emptiness problem for intersection-free 
systems of equations is in P. 

Proof: If A is intersection-free, its non-emptiness reduces 
to non-emptiness of a context-free grammar over three letters 
{ — 1,0,1}. Variables of A are non-terminal symbols, and 
every inclusion gives raise to one production. Addition is 
replaced by concatenation. ■ 

Lemma V.2. The non-emptiness and membership problems of 
systems of equations are both NP-complete. The membership 
problem is NP-hard already for intersection-free systems. 


B. From trPDA to systems of equations 

We show an ExpTime reduction of non-emptiness of orbit- 
finite trPDA to non-emptiness of systems of equations. Addi¬ 
tionally, if the stack is timeless, then the system of equations 
is intersection-free. Fix an orbit-finite trPDA A, with states Q, 
stack alphabet S, and transition rules PUSH and POP. 

As a preprocessing we apply few simplifying transforma¬ 
tions. First, we rebuild A so that it has exactly one (therefore 
timeless) initial state, and exactly one final state. Therefore 
there are unique initial and final control locations, correspond¬ 
ing to the unique timeless initial and final state. Moreover, 
in the final state we let A unconditionally pop all symbols 
from the stack, and assume w.l.o.g. that A accepts when 
not only it is in the final state, but additionally the stack is 
empty. As the next step of preprocessing, we make all states 
of A timed, by adding to every timeless state (including the 
initial and final one) one dummy timed register. In order to 
assure orbit-hniteness of A, appropriate additional constraints 
on the dummy registers are added to PUSH and POP. Thus 
the transformations described by now preserve orbit-hniteness 
of A can be done using its constraint representation. As the 
last step of preprocessing, we transform A into normal form. 
According to Lemma III.2 this is doable in ExpTime. 
Reachability relation. As we focus on reachability, we ignore 
the input alphabet and assume the transition rules of A to be 
unlabeled, i.e., of the form 


PUSH (q,q',s') and POP(g, s,q'), 

where q, q' £ Q and s' £ S. Consequently, we assume also 
unlabeled transitions c —► d between configurations. Using 
the Projection Lemma |ill.4| the unlabeled transition rules are 
easily computed by projecting away the input alphabet. 

We define the following binary reachability relation between 
states of A. Two states are related, written q q'. if there is 
a computation of A from state q to q' which starts and ends 
with empty stack. Lormally, q q' if for some configurations 
{qi,V \),..., (q n , v n ), A admits the transitions: 

(g,e) —> (91,tti) —> ■ ■ ■ —S> {q n ,v„) —(</,£)■ ( 7 ) 


It might be the case that = e for some 1 < i < n. 

Proposition V.3. UA) is non-empty iff relates an initial 
state with a final one. 










Lemma V.4. The relation is the least relation satisfying 
the following rules: 

(base) - V (g, q) G Q 2 

q ^ q 


(transitivity) 


q~^> q' q' q" 
q q" 


V (q,q',q") £ Q 3 


(push-pop) 


q 


V (q,q, q',q') £ PUSH-POP 


where PUSH-POP is the subset of Q 4 defined as: 


PUSH-POP = {q, q, q, q) | 3s £ S'. 


PUSH (q,q,s), 
POP {q\ S, q') 


( 8 ) 


Orbitization. Recall that the transition rules PUSH and POP 
are equivariant, i.e., are unions of orbits, possibly infinitely 
many. It follows that the relation C Q 2 is also equivariant, 
i.e., a union of orbits of Q 2 . Call an orbit O C Q 2 inhabited 
if q cf for some (q,(f) £ O. If this is the case, since 
is equivariant, and thus a union of orbits, then every pair 
(q,q') £ O satisfies q q'. It thus makes sense to think of 
as containing whole orbits rather than individual elements. 
Let initial-final orbits in Q 2 be the ones containing pairs (i, f) 
for i initial and / final state; these orbits are determined by 
the unique initial and final control locations. 


Proposition V.5. L(A) is non-empty iff an initial-final orbit 
in Q 2 is inhabited. 


Likewise, the relation PUSH-POP C Q 1 is equivariant, i.e., 
a union of possibly infinitely many orbits in Q 4 . Our aim now 
is to ‘orbitize’ the rules of Lemma V.4 so that they speak of 
orbits of pairs of states, instead of individual pairs of states, 
without losing any precision. 

The (base) rules orbitizes easily; it speaks of diagonal orbits, 
i.e., orbits of diagonal pairs ( q , q) £ Q 2 . For treating the other 
rules, we need to speak of projections of n-tuples w onto two 
coordinates. We use the notation vtij to denote the projection 
of w onto coordinates i. j, for 1 < i < j < n\ the same 
notation will be used for the projection of a set of tuples. For 
O an orbit in Q n , O l:j is necessarily an orbit in Q 2 . 


Lemma V.6. An orbit O of Q 2 is inhabited if and only if, 
F O is derivable according to the rules below: 


(orbit base) 


(orbit transitivity) 


h O 

F Oi2 F O23 

F Oi 3 


V diag. orbit O in Q 2 

V orbit O in Q 3 


(orbit push-pop) —— V orbit O in PUSH-POP 

F C>i4 

Proof: Both directions are proved by induction on the 
size of derivations. The “if” direction uses equivariance of 


Discretization. The set Q 2 is orbit-infinite. We encode it as 
a Cartesian product of an orbit-finite set and the integers Z. 


This will allow us to reduce non-emptiness of C(A) to non¬ 
emptiness of a system of equations. 

Consider two states q = (l,v),q' = ( l',v') £ Q, where 
v £ Q n ‘ and v' £ Q n ‘'. Since Q is orbit finite, by Lemma III. 1 
we know that both v and v' have uniformly bounded span, 
say u. However, the joint vector (v,v') £ Q ra '+"i' needs not 
have uniformly bounded span (and indeed Q 2 is orbit-infinite), 
since rationals in v might be arbitrarily far from rationals in 
v'. The idea is to “factorize” out the orbit infiniteness of Q 2 
by shifting the second vector v' closer to v (in order to have 
span at most u + 1), and by keeping track separately of the 
shift as the only unbounded component. 

The first technical step is to extend the tuple v in every state 
q = (l, v) £ Q with one rational number t, written q ■ t = 
(l, (v,t)), called the reference point of q ■ t. Reference points 
allow to precisely shift vectors so they become closer. Let 
minv be the component of v with minimal value. We define 

Q = {q ■ t | q = (l, v) £ Q, t £ Q, min v < t < min v + 1} . 

The set of extended tuples Q is definable and orbit-finite (of 
uniform span at most u +1), and contains exponentially many 
orbits. While Q 2 is not orbit-finite itself, we can now define 
its subset Q of pairs with equal reference points: 


Q = {( 


q ■ t,q' ■ t) £ Q 2 | t £ 


Thus, Q contains only those pairs of v ectors which are close 


in a precise sense. Applying Corollary III.3 to Q we obtain: 


Proposition V.7. Q is orbit-finite with uniform span it + 1 and 
its decomposition into orbits is computable in ExpTime. 

The idea now is to represent an arbitrary pair in Q 2 as 
an element from Q plus an integer representing “shift” of the 
second vector. Formally, we define the following shift mapping 
7r : Q x Z —> Q 2 : 

n : (q ■ t,q r ■ t), z i->- q,q' + z, 


where q' + z is the state obtained from q' = (l', v') by adding 
z to all time values in v'. Thus the shift mapping forgets about 
the equal reference points of q and q' , and shifts <fi by 2. Note 
that every pair of states in Q 2 is of the form ( q,q' + z), for 
some z £ Z and (q ■ t,q’ ■ t) £ Q, i.e., the shift mapping is 
surjective. To distinguish between orbits of Q 2 and Q, we use 
lowercase o for the latter. Every orbit O of Q 1 is the image, 
under the shift mapping n, of ox {,;}, for some z £ Z and 
some orbit o of Q. We will call O the image orbit of ( o,z ). 
By the inverse image of an equivariant set X C Q 2 we mean 
the set of all pairs (o, z) whose image orbit O is included in 
X. We will call (o, z) inhabited if its image orbit is so. 

The inverse image of an orbit O may contain many pairs 
( o, z ), as shown in the example below, but finitely many due 
to the simplifying assumption that all states are timed. 

Example V.2. Consider the orbit O C Q 2 defined by 

ip(x, y, x') = x < y < x + 1 A y + 6 < x' < x + 7, 

with x,y timed registers of one state and x' timed register 










of the other. The inverse image of O contains the pair (o, 6), 
where o C Q is defined by x < y < t = t' = x' < x + 1, 
but also the pair (o', 7), where o' C Q is defined by 

y —\<x'<x = t = t'<y. 

The inverse image of a definable set admits a decomposition 
into finitely many sets of a particularly simple form: 

Lemma V.8 (Decomposition Lemma). For a definable subset 
X C Q 2 , its inverse image decomposes into a finite union of 
sets of the form 

{o} x 7, 

where o is an orbit in Q, and I C Z is one of 

Z< m = {z : z < to}, {to}, Z >m = {z: z> to}, 

for to £ Z. A decomposition of X is computable in ExpTime. 

The following corollary will be useful later: 

Proposition V.9. The inverse image of an orbit O C Q 2 is 
finite and computable in ExpTime. 

We are going to define a system of equations A, with 
variables X a corresponding to orbits o in Q. The construction 
will conform to the following correctness condition: 

Lemma V.10. The least solution v of the system A assigns 
to a variable X Q the set 


u(X 0 ) = {z £ Z : (o,z) is inhabited}. 

Orbits o C Q that appear in the inverse image of an initial- 
final orbit O C Q 2 we call initial-final too; again, they are 
determined by the unique initial and final control locations. 


Based on the last lemma, we reformulate Proposition V.5 as: 


Proposition V.ll. L(A) is non-empty iff v{X 0 ) is non-empty, 
for an initial-final orbit o. 

Thus non-emptiness of L(A) reduces in ExpTime to non¬ 
emptiness of some of the variables X a in A. 


To complete the proofs of upper bounds of Theorems IV.5 
and |IV. 8 | we need to describe the construction of A and prove 
that it verifies the condition in Lemma IV. 101 
System of equations. When defining A we prefer to use 
inclusions. Roughly speaking, the system A corresponds to 


the inverse image of the rules in Lemma V .6 


Consider the (orbit base) rule first. We observe that all orbits 
o appearing in the inverse image of a diagonal orbit O are 
diagonal as well. Thus for every diagonal orbit o in Q we add 
to A the inclusion 


X 0 2 {0}. (9) 

For treating the (orbit transitivity) mle we need to extend 
the shift mapping 7 r from pairs to triples. Define the set of 
triples of states with equal reference points 

Q = {(9 ■ t,q' ■ t,q" ■ t) £ Q 3 : t £ Q}, 
and consider the shift mapping 7t : Q x Z 2 —>■ Q 3 : 

-t,q" -t),z,z’ q, q ' +z,q" + z + z'. 


As before, tt transforms a triple (o, z, z'), where o is an orbit 
in Q, into an orbit O in Q 3 . For an orbit O in Q 3 , consider 
any element (o, z, z r ) of its inverse image, i.e., O is the image 
of (0,2,2'). The image commutes with projections, i.e., 0 12 
is necessarily the image of (012, 2), and likewise O23 and O 13 
are images of (023, z 1 ) and (013, z+z’), respectively. Therefore 
the (orbit transitivity) rule says that if (012, 2) and (023, z') are 
inhabited, then (013, z + z') is inhabited too. Thus, for every 
orbit o in Q we add the following inclusion to A: 


X„ 13 2 X 0l2 +X 023 . (10) 


Finally, we address the (orbit push-pop) mle. We consider 
separately two cases, depending on whether the stack symbol 
pushed/popped is timeless or timed. Each of the two cases 
will induce separate inclusions in A. Let S be partitioned into 
timeless stack symbols Sq and timed stack symbols ,S'i. So 
is a finite set. We partition PUSH-POP into PUSH-POP 0 and 
PUSH-POP 1 , where 


PUSH-POP 0 

PUSH-POP 1 


(9 


q, q',q') 


3s £ Sq 


PUSH (q,q,s), 1 
POP (q',s,q') J 


(9 


q, 9', 9') 


3s € Sr. 


PUSH (q,q,s), 1 
POP (q',s,q') J 


First, we consider the (orbit push-pop) rule restricted to only 
timeless stack symbols. We can write PUSH-POP 0 as a finite 
sum of products 


PUSH-POP 0 = [J PUSHg X POPs, 

SGjSt) 

where PUSH g (q, q) = PUSH (q,q,s) and POP s (q',q') = 

POP(g', s, q'). For a fixed s £ So, PU SHg and POPg are 
definable subsets of Q 2 , and thus Lemma V.8 applies. 

We need to extend once more the shift mapping n, this time 
to quadruples. Define the set of quadruples of states with equal 
reference points 

Q = {(9 • t,q ■ t,q' ■ t,q' ■ t) £ Q 4 : t £ Q}, 
and consider the shift mapping tv from Q x Z 3 to Q 4 : 


(q-t,q-t,q'-t,q'-t),z,z,z' >->■ q, q+z, q'+z+z, q'+z+z+z'. 


Similarly as before, 7 r transforms a quadruple (o,z,z,z'), 
where o is an orbit in Q, into an orbit () in Q 4 . Similarly 
as before we define the inverse image of O C Q 4 . 

The (orbit push-pop) rule says that if ( 023 , 2 ) is inhabited, 
(012 , z) belongs to the inverse image of PUSHg and (034,2') 
belongs to the inverse image of POPg, then (044, z + z + z') is 
inhabited. Therefore for every orbit o C Q appearing in the 
inverse image of PUSH-POP, for every s £ Sq, for every pair of 
intervals 7,/' such that (oi 2 , 7 ) appears in the decomposition 
of PUSHg and (034,7') appears in the decomposition of POPg 
(by Lemma [V 8 |, we add to A the inclusion 

X 0l4 2 X Q23 + Zj + i>, ( 11 ) 


where Zj+ji is a variable that, in the least solution, is assigned 
the set of integers 7 + 7' (cf. Example V.l 1 . This completes 


the proof of the upper bound of Theorem I V .8 














In order to complete the proof of Theorem IV. 5 we consider 
now the (orbit push-pop) rule restricted to only timed stack 
symbols. For convenience, we extend PUSH-POP 1 with the 
stack symbol and consider 


PUSH-POP 2 = (q, q, q', q’, s) G Q 4 x Si 


PUSH (q,q,s), 
POP (q',S, q') 


Since we are considering orbit-finite trPDA, PUSH23 and 
POP12 are orbit-finite. Thus, PUSH-POP235 is orbit-finite as 
well (in passing we extend the notation for projection from 
pairs to to triples of coordinates), due to the restriction to 
timed stack symbols only. Indeed, the uniform bound on the 
span of PUSH-POP235 is at most twice as large as the universal 
bound on span of sets PUSH23 and POP12. By Corollary |III.3| 
we may enumerate all orbits O C PUSH-POP 2 35 in ExpTime. 

Consider every orbit O C PUSH-POP 2 35 separately. 
We transform the set PUSH-POP 2 into normal form (using 


Lemma III.2 1 and apply Projection Lemma III.4 to deduce 


that the set 


Xo = \ ( 9 , 9 ') e Q 2 | 3 (q, q', s) GO- 


PUSH (q,q,s), 

POP {q’,S,q') 

is definable and computable in ExpTime. For every ( o, z) 
in the inverse image of O \ 2 C Q 2 (we use Proposition V.9 


here), and for every (o, I) in the decomposition of Xq (by 
Decomposition Lemma [V78]>, we add to A the inclusion 


x 0 d (x d n{z}) + 


( 12 ) 


where / — z = {z — z : z £ I}. This completes the 
construction of A. Since A is of exponential size, we can 
solve it NEXPTIME according to Lemma pV2] This concludes 


the proof of Theorem IV.5 


VI. Conclusions and future work 

We have investigated the reinterpretation of the classical 
definition of pushdown automata in the setting of sets with 
timed atoms, called trPDA. In order to relate to the previous 
research we identified the subclass of trPDA with timeless 
stack, and shown that dense-timed PDA of {5| can be effec¬ 
tively transformed into this subclass. 

The rest of the paper focused on the non-emptiness analysis 
of trPDA. We showed that the non-emptiness problem for un¬ 
restricted trPDA is undecidable, but decidable in NExpTime 
for orbit-finite trPDA. Furthermore, non-emptiness for an even 
smaller subclass of trPDA with timeless stack has been shown 
ExpTime-complete. The last result subsumes the ExpTime- 
completness of dtPDA |j5), by our language-preserving trans¬ 
formation of dtPDA to trPDA with timeless stack. 

As future research, it remains to be closed the complexity 
gap for orbit-finite trPDA, as well as the detailed study of 
expressive power of different subclasses of trPDA. Moreover, 
in this paper we did not consider all reasonable subclasses of 
trPDA. For instance, we do not know the decidability status 
of non-emptiness of Ihs orbit-finite trPDA, defined like orbit- 
finite trPDA but with the orbit-finiteness restriction imposed 
on the left-hand sides of transition rules only. With respect 


to non-emptiness, the class is equivalent to the superclass of 
short form trPDA (cf. Sec. m obtained by dropping the 
orbit-finiteness restriction on the rhs of PUSH and on the lhs 
of POP. Our reduction, when extended to this model, yields 
systems of equations over sets of integers that use intersections 
with arbitrary intervals. Decidability of such extended systems 
of equations is, up to our knowledge, an open problem, 
interesting on its own. 

Finally, first-order definable sets may be considered for 
other atoms. We have recently studied the reachability analysis 
for PDA for the important class of oligomorphic atoms (i.e., 
A" is orbit-finite for every n) in [13J, where most of the 
subclasses of PDA defined in this paper become expressively 
equivalent. This covers many examples, such as total order 
atoms (Q, <), partial order atoms, tree order atoms, and many 
more [ 14|. 
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Appendix A 
Proof of Theorem Iii.1I 

A. Preliminaries 

A configuration c of a dtPDA as above is a tuple {p, p, r), 
where p £ L is a control location, p : X —> Q-° is a clock 
valuation for the clocks in X, and r £ (T x Q- 0 )* is the stack 
valuation, recording stack symbols and their current age. For 
a clock valuation p : X —► Q-° and a number k £ Q-°, we 
denote by p + k the valuation which adds k to every clock, 
i.e., for every x £ X, (p + k)(x) = p(x) + k. Similarly, for 
a stack valuation r = ( 7 1; hfi )... ( 7 „, h n ) and k £ Q-°, we 
write r + k for the new valuation (71, hi+k)... ( 7 n , h n + k). 
Given a clock valuation p : X —> Q-°, a set of clocks 
Y C X, and a new value k £ Q-°, we denote with p[Y 4 — k] 
the new clock valuation which is the same as p except that 
assigns value k to all clocks in Y, i.e., p[Y 4 — k](y) = k 
if y £ Y and p[Y £- k](y) = p(y) if y ^ Y. Similarly, 
we denote with p[z ■£- k] : (X U {z}) -A Q-° the extended 
clock valuation where the value of the special clock z is k. 
Given an extended clock valuation p' : (X U {z}) —► Q-° 
and a formula <p, we write p' |= p if p holds when clock 
variables are replaced by values given by p!. As usual, we 
distinguish transitions representing elapse of time, which are 
labelled by some t £ Q-°, and discrete transitions, which for 
convenience are labelled by tuples of the form (a, <p,Y, op). 
Formally, for every t £ Q-° we have a timed transition 
(p,p,r) — (p, p + t,r + t), and, if p a ’‘tXy op q > then we 
have a discrete transition (p, p, r) r >), whenever 

p |= ip holds, p' = p[Y 4 — 0], and, depending on the kind of 
operation op, 

• Case op = nop: r' = r. 

• Case op = push(a |= ip): r' = r(a,k) if p[z £- k] |= ip. 

• Case op = pop(ct |= ip): r = r'(a, k) if p[z 4— k] |= ip. 

A run 7 r is an alternating sequence cgtro ... Ck of configu¬ 
rations Cj’s and transitions trfis s.t., for every 0 < i < k, 



B. Simplifications 

The following simplifying assumptions can be shown not 
to reduce the recognizing power of the model. They are either 
standard, or very easy to show. 

a) Only pop constraints of the form z — x ~ k: 
Constraints of the form x — z ~ k can be converted to the 
form z — x ~ k by negating both sides and by flipping the 
inequality. 

b) No pop constraints of the form z ~ k: We introduce a 

new clock xq which is ensured to be 0 when a pop transition is 
taken. A constraint z ~ k can thus be replaced by z — xq ~ k. 
Formally, a pop transition p ^ q is simulated in 

two steps: 

a,^>,{x 0 },nop , 

p —i (p,a,ip ,q) (1) 

, , . e,^Ax o =O,T,pop(a|=-0') /r> x 

(p,a,ip ,q) —q (2) 


where ip 1 is the same as ip where all constraints of the form 
z ~ k are replaced by z — Xq ~ k. Transition (1) mimics 
exactly the original transition, except that the pop operation is 
not performed. Transition (2) is ensured to be taken with delay 
0 after (1), and the pop operation is thus performed under the 
condition that x 0 is 0. 

c) No resets on push and pop transitions: We wish that 
clocks are reset only on nop transitions. To achieve this, we 
introduce an extra clock x* and some auxiliary intermediate 


control states. A push/pop transition of the form p 
is split into three consecutive transitions 

a,tp,T,op 

— > q 

a,V>,{x*},n°P . , 

p —i [p, a , <p, T, op, 0) 

(i) 

( P, a, p, T, op, 0) e,x zP^' op ( P) ^ t, op, 1) 

(2) 

/ rr, , e,x*=0,T,nop 

[P,a,p,T,op, 1) —> q 

(3) 


Transition (1) reads the input, checks the clock constraint 
<p, but it does not reset clocks T, neither perform the stack 
operation. Transition (2) performs the actual stack operation 
(without resetting any clock), and the constraint on x* ensures 
that no time elapsed since (1). Finally, transition (3) resets the 
clocks in T, and again no time is allowed to elapse. Clocks 
in T cannot be reset directly by transition (1) since in the 
semantics of push/pop operations we must compare the age 
of the stack symbol to the value of clocks prior to their reset. 

d) The initial age is 0: A push operation push (a \= ip 1 ) 
can be restricted to have the push constraint ipi of the trivial 
form z = 0, i.e., the initial age is always 0. We omit a trivial 
push constraint by just writing push (a). 

A conjunctive constraint ib-\ involving only clock z is 
equivalent to either a punctual constraint z = k for an integer 
/,:, or to an interval constraint z £ (a, b) for a lower bound 
a £ ZU {— 00 } and an upper bound b £ Z U {+ 00 }. The idea 
is to push this information on the stack, which is used at the 
time of pop to update the pop constraint. 

The function update{ip,I) for I equal to either k or (a, b) 
as above, is defined by structural induction on ip and it works 
by shifting all constraints by the amount specified by I: 

update(z — x ~ h, k) = z — x ~ h — k for {<, <, >, >} 

update(z — x < h, (a, b)) = z — x < h — a for <£ {<, <} 

update(z — x > h, (a, b)) = z — x > h — b for >£ {>, >} 

updateft , I) = t 

update(ipo A ipi,I) = update(ipf) A update(ipf) 

. , . ... a>V>Tpush(a|=i/0 . 

A push transition p —► q becomes 

a,¥J,F,push((a,/)) . 

p —► q where 1 is either k or (a, b) as 

implied by the constraint ip, and a pop transition 

p —>• q is replaced by several transitions of 

the form p — q, tor every shut 1, and 

where ip' = update(ip, I) is the pop constraint updated by 
I. Correctness for a punctual constraint is immediate. For 
z £ (a, b) and a pop constraint z — x < h, the semantics asks 
whether there exists an initial age zq £ (a, b) s.t. z — x < h 




holds at the time of pop, which is the same as requiring 
(z + zo) — x < h when the initial age is 0 instead, that is, 
z — x < h — z'o. This constraint is easier to satisfy for smaller 
values of Zq > a , and thus we obtain z — x < h — a. The 
reasoning for z — x > h is analogous. 

C. Untiming the stack 

We are now ready present the formal construction for 
untiming the stack of a dtPDA. Let T = ( Q, qo, E, T, X, z, A) 
be a dtPDA. We construct a dtPDA with timeless stack 

U = (Q',q' 0 ,S, r',X',A'). Let 


reset, and thus need not be added. 

0[ = (0- O' 0 ) U (N - N') 

T'=T 0 U {x> k | (x, > k) € N — N'j 

p' = tp o A /y —x > k 

(.x,>,k)e N ' 

c . ••• a,¥>,0,pop(a|=-0) . 

For every pop transition p —> q in T, we have 

an “untimed” pop transition in IA of the form 

<**•) ”*** (i.-R'.C) 
with a' = (a, ip, R', O') 


= {(x, k) | z — x ~ A; G ip for a pop constraint i/)} 


The new set of clocks X' is obtained by adding to X a clock 
x^k for every (x, ~,fc) G C, where C = IJ^CL,. A control 
state in U is of the form (p, R, O), where p is a control state 
in T. The set R C C<UC< represents active reset restrictions, 
and the set O C C> U C> represents active reset obligations. 
The initial control state of IA is q' 0 = (go, 0,0). The stack 
alphabet of U consists of tuples (a, if), R, O), where a G T is 
a stack symbol of T, ip is a clock constraint, and R , O are as 
above. 

Transitions in U are defined as follows. If we have a push 
transition p g j n 7 ^ then we have several push 

transitions in U of the form 


(P, O) 


ay.Thpush(a') ^ ^ 

with a' = (a, ip, R, O' 0 ) 


for every R,R' C C< U C<, O. ()' {) . G\ C C> U C>, and 
constraints ip, tp' satisfying the conditions below. Constraint 
ip is guessed to be the constraint that will hold at the time of 
the corresponding pop. The other components are determined 
as follows. We first consider reset restrictions. Let M = 
{(x,<,k) | z — x < k G ip} be the new reset restrictions as 
implied by the guessed pop constraint ip. Since restrictions in 
R subsume those in M, we reset x< k only for restrictions in 
M-R. 


R' = R U M 

T 0 = {x< k | (x, <, k) e M - R} 
Po = ip A ^ — x < k 

(x,<,k)eM-R 


We now address reset obligations. Let N = 
{(a;, >, k) | z — x > k € ip} be the new reset obligations. 
New reset obligations in N always subsume previous ones 
in O. Let O' 0 C 0 N he any set of previous reset 
obligations not subsumed by new ones. Intuitively, we guess 
that obligations in O' 0 will be satisfied after the matching pop, 
thus we push them on the stack. Let N' C N be those new 
reset obligations which are already satisfied by a previous 


for every R,R' C (!< U C< and O' C C > U C>. We require 
the set of reset obligations to be empty in order to ensure that 
all clocks that were under a reset obligation have been indeed 
reset. 

t- • • a,tp.T, nop . . 

For every nop transition p — > q in / , we have a nop 

transition in U of the form 

(P,R,0) a ’^ n ° P (q, R, O-O') 

for every R C C< U C<, O. O' C C> U C>, and for every set 
of reset obligations O' C {(x,>,k) £ O \ x G T} which are 
satisfied by a reset in this transition: 

H>' = P A f\ ( x< k < k) A f\ (x> k > k) 

x£T,(x,<,k)£R (.x,>,k)eO' 

Theorem II.l. A dtPDA T can be effectively transformed into 
a dtPDA IA with timeless stack recognizing the same timed 
language. Moreover, IA has linearly many clocks w.r.t. T, and 
exponentially many control locations. 

Proof: 

Let 7 r be an accepting run in T, 

7T = (jpo,Vo,Vo)tro{pi,v 1 ,vi) ■ ■ ■ (p k+ i,iy k+ -k,v k+1 ) 
with fry = (a i; T u opf) 

We construct an accepting run it' in IA, 

■k' = (r 0 ,po,u 0 )tr' 0 (ri,pi,ui) ■ ■ ■ (r k+ i,p k+1 ,u k +i), 

with n = ( pi, Ri, Of) 
and tr\ = (a*, p\, T[, op'f) 

where tr[ = fr,; if fr,; G R, and otherwise it is determined 
as follows. For every i < j, let J be the total time elapsed 
from transition i to transition j, i.e., 

, = ^ J tr h if tr h G ffi. 

'"■* | 0 otherwise 

h=i 

If i > j, we define tjj = —tjj. The construction of id is 
based on the following two observations. 

1) For any reset restriction z — x < k G ipj,, whenever 
x G Th is reset at transition trh with h < ji, the time 
elapsed between fr,; and fry, is f^/, < k. 

2) For any reset obligation z — x > k G ipj i , there exists a 
minimal index h < ji s.t. x G Th is reset at transition trh 



and ti h > k. (Minimality is important to construct a run 
in hi, in order to mimic the fact that new reset obligations 
truly subsume old ones.) 

We proceed by a case analysis on opi- Let opt = push(aj). 
The corresponding pop operation has opj i = pop(ct^ \= ipjk), 
with ay. = a,. By assumption, T, = 0. Take tr[ = 
KVi, A.op'J with op\ = (^,^,#*,0°), where T [, 

and O 0 are defined as follows. We first analyse reset restric¬ 
tions. Let M = {(x, <, k) | z — x < k £ ipp} be the set of 
reset restrictions due to ipj t , and let 

T° = {x< k \(x,<k)£M-R ,} 
tp° = (fii A y/y —X < k 

(x,<,k)eM-Ri 

We show ^ \= <p°. First, p-i |= <£,■ holds because n is a valid 
run in T. Let (x, <, fc) £ M — Ri. Then, pp |= 2 ; — x < k. If 
k > 0, then /i,; |= —x < k immediately holds. If k < 0, let h 
be the last transition before tr t when x is reset. By Point 1) 
above, tph, < k, i.e., the last reset of x is more than —k time 
units before transition i. Thus, //, |= x > —k. 

We now analyse reset obligations. Let N = 
{(x,>,k) | z — x > k £ ipp} be the reset obligations due to 
ipj t , and let N' = {( x,>,k ) 6 N \ p, \= — x > A:} be those 
obligations in N which are already satisfied by a past reset. 
(Necessarily k < 0 for (x, >, k) £ N'.) For (x, >,fc) £ Oi, 
let l be the largest index < i s.t. (x, >, k) £ Oi+i — O;. Then, 
tri is a push transition with matching pop transition fry, with 
(x,>,k) £ ipj,. By Point 2) above, there exists h < ji s.t. 
x £ T h and t k h rt k. Let O 0 = {(x,>,k) £ O \ h> j. t } be 
those obligations which will be satisfied after the matching 
pop transition tr :l/ . Obligations in ()" are pushed on the 
stack. Then, let 

Oi+1 = (Oi - O 0 ) U (N - N') 

T[ = T° U {x> k | (x,> k)£N-N'} 

<Pi = <Po A f\ —x > k 

(x,>,k)GN' 

Clearly, pi \= ip\ holds, since we proved above p, |= ipo, and 
by the definition of N'. 

Let’s now analyse the corresponding pop operation op :hi = 
pop (ctj i 1= ipji). Once again, T ri = 0 by assumption. By 
construction of ir 1 (cf. the push transition above), tr\ pushed 
a symbol of the form (ai,ipi, Ri,O 0 ), with ctj = a ]t and 
ipi = tpj i . Therefore, take fr'. = (aj i , ipj., 0, op'j .) with 
op'j. = pop ((ctijipi, Ri,O 0 )) and define Rj,+\ := Rt and 
Oj,. : l := O 0 . By construction, reset obligations added to Oj i 
are removed as soon as they can be satisfied (cf. the definition 
of O' in the nop rule below). All reset obligations can be 
satisfied by Point 2) above. Thus, Oj i = 0, and tr' :h is a valid 
transition. 

Finally, Let opi = nop. Let O' be defined as 

O' = {(x, >, k) £ Oi | x £ Ti and pi |= x> k > k } 


Take tr[ = (a*, T-, nop), with T[ = T, and 

ip'i = (fi A (p° A ip 1 , where 

<F° = A ~ k 

xe Ti,(x,<,k)£Ri 

v 1 = A ~ k 

and let Ri+i = R, and 0,-\\ = Oi — O’. We show that 
Ri H ‘Pi¬ 
rn Pi 1= ipi since tt is a valid run in T. 

• pi |= Let x £ R and (x,<,k) £ Ri. We show 
Pi \= x <k < k. Let h* be the largest index h < i s.t. 
(x, <, k) £ Rh+i — Rh- Then, tr> ( » is a push transition, 
and x< k £ Th- is reset at transition trh- ■ Moreover, since 
h* is maximal and (x,<,fc) £ Ri, by construction (x, < 
,k) £ Rh for every h* < h < i. Thus, x< k T k for 
every h* < h < i. Therefore, pi(x< k ) = th-p. Since at 
the matching pop transition trj h , we have z — x < k £ 
ipj h ,, and x £ Ti is reset now, by Point 1) above we have 
th*p < k. Consequently, p t |= x< k < k. 

• Pi \= ip 1 : Immediately by the choice of O'. 

Thus, tr'i is a valid transition. 

For the other inclusion, let w = (ao, to) ■ ■ ■ (a kl t k ) be a 
timed word accepted by U, and let 7 r' be an accepting run: 

7r' = (r 0 , po, uo)tr' 0 (ri, pi,ui) ■ ■ ■ (r k +i,Pk+i,u k +i), 

with n = ( Pi , Ri, Oi) 

We obtain an accepting run 7 r in T by removing the extra 
components in the control state and stack alphabet, and by 
adding back pop constraints (as given by the symbol popped). 
To show that tt is an accepting run, we argue that p, \= ipi 
holds for a pop transition 

tr'i = (ai,V’i,T i ,pop(a-)) 
with a'i = (cti, ipi, R'i, O') 

Let tr’j with j < i be the corresponding push transition, i.e., 

tr'j = (aj ,ipj,Tj, push (a'-)) (13) 

with a( = a) 

Notice that the symbol popped at time i matches the one 
pushed at time j. We begin with reset restrictions. Let z — x< 
k £ ipi any reset restriction on clock x with <£ {<,<}. We 
argue that p, \= z — x < k holds. The claim follows from the 
following observations. Let j < h < i in the following: 

1) Except possibly for the first push transition j, clock x< k 
is never reset before, and including, transition i. This 
is follows from the fact that, once a reset obligation is 
added, it always subsumes new ones. Thus, ph(x< k ) is 
at least the age of a( at index h. 

2) (x,<,fc) £ Rh- Indeed, (x,<,k) £ Rj+i by construc¬ 
tion. Moreover, nop operations do not change Rh = 
Rh+i, push operations put Rh on the stack and /?/, C 
Rh+i, and pop operations restore the Rh of the corre¬ 
sponding push. 



3) By the previous point, if x is reset (necessarily at a nop 
operation by assumption), then /.//, |= x< k < k holds by 
the definition of nop operation. 

4) Finally, p,h |= —x < k, for h = j. If k > 0, this is trivial. 
Otherwise, let k < 0, and let j* be the largest index 
j* < j s.t. (x, <, k) £ Rj * — Rj*-i is last added to reset 
obligations. Then, |= —x < k holds by definition of 
push operation. Since k < 0, x is not reset ever since (cf. 
Point 3), and thus pj |= — x < k. 

There are two cases. If x is reset between transition j and i, 
then by 1) and 3) the age of a! i is < k the last time x was 
reset. Consequently, at transition i, p, \= z — x < k. If x is 
not reset at all, then p 7 |= — x < k (by Point 4) immediately 
implies pi \= z — x < k. 

We now consider reset obligations. Let z — x > k £ ipi 
with >£ {>, >}. We argue that p r \= z — x > k holds. There 
are two cases. If (x, >, k) $. Oj + \, then pj \= —x > k holds 
by construction, i.e., the constraint must have been satisfied 
by a previous reset of x, which directly implies //, |= z 
x > k. Now let (x,>,k) £ Oj+±. We make the following 
observation. 

5) x> k is at most the age of a[. This is obvious, since x> k 
is reset at transition j by construction. 

Since the pop at transition i satisfies (), = 0, constraint (x, > 

, k) must be eventually removed. The only way to remove 
(x, >, k ) from O k is to either push it on the stack (cf. O' 0 ), 
or to reset x when p k \= x> k > k holds (by definition of 
nop operation). In the former case, (x,>,k) will reappear in 
Oh at the matching pop operation and still be pending. In the 
latter case, the age of o! i was at least k when x was reset by 
Point 5) above, which directly implies fit (= z — x > k. ■ 

Appendix B 

Proofs missing in Sec. H ill 

Lemma III.l. An equivariant subset A C Q n is orbit-finite 
if, and only if it has uniformly bounded span, i.e., it admits a 
common bound on the spans of all its elements. 

Proof: Every orbit, being defined by a minimal constraint, 
has uniformly bounded span. Therefore every orbit-finite set 
also does. 

For the opposite direction, if the span of the elements of an 
equivariant set X C Q" is bounded by k, then X is a subset 
of 

{x n ) : /\xi~Xj<k}. 

The latter set can be equivalently defined by a finite disjunction 
of minimal constraints, and hence it is orbit-finite, which 
implies orbit-finiteness of X. ■ 

Lemma III.2 (Normal Form Lemma). Every definable set 
X decomposes into a finite union of orbits OCX and 
of extensions of orbits O C X. A decomposition can be 
effectively computed in ExpTime. 


Proof: Fix a definable set X. Let L be its indexing set. 
For each index l £ L separately, we compute a decomposition 
of Xi. 

Fix the index l. Let I\ be larger than the largest absolute 
value of any integer constant used in the defining constraint of 
Xi, and let d be the dimension of A';. Enumerate all minimal 
constraints <p that define an orbit of span bounded by (d— 1)-K. 
Note that such constraints do not need to use integer constants 
of absolute value greater than (d — 1) • K. 

Claim B.0.1. It is decidable in polynomial time whether [p\ C 
Xi. 

Proof: Indeed, for every pair of variables x, y the minimal 
constraint p determines an interval I x y of the form 

{z} or (z,z+ 1), 

for z £ Z, of possible values of x — y. In order to determine 
whether [tp\ C A';, we evaluate the constraint ip defining 
Xi over the minimal constraint <p, very much like a boolean 
formula is evaluated over a valuation of its variables. Atomic 
sub-formulae of ip are evaluated on the basis of the intervals 
I x ,y\ f° r instance 

x — y < z 


evaluates to true if and only if I xy C 7L <Z . [<p] C A) iff the 
constraint ip evaluates to true over p. ■ 

Thanks to the claim, we compute all minimal constraints 
satisfying [p] C X and add them to the decomposition of X. 

The next claim formulates the weakness of constraints that 
we build upon: 

Claim B.0.2. let O C Q' ( be an orbit. IfOCX and O admits 
a gap I\ then the K-extension of O is included in X. 


Therefore, for every minimal constraint p satisfying the 
above claim, we add to the decomposition of A its I\- 
extension. The decomposition is computed in ExpTime, and 
its correctness follows by following last claim: 


Claim B.0.3. Every orbit O C X of span larger than (d. — 
1) • K is included in the K-extension of some orbit O' C A 
of span at most (d — 1) • K. 


This completes the proof of Lemma III.2 


Appendix C 

Proofs missing in Sec.ITvI 
Theorem IV.l. Non-emptiness of trPDA is undecidable. 

Proof: The proof works for transition rules satisfying 
n = 1 , m = 2 in ©■ The idea is to simulate a 2-counter 
Minsky machine M by a trPDA Am- one counter is simulated 
using the stack and two stack symbols _L, T, while the other 
counter is simulated using the difference between the time 
values stored in the top-most stack symbol and in the state. It 
is enough if state space and stack alphabet are 1-dimensional, 
i.e., store exactly one time value. A configuration of M with 



a control state p and values of counters n \. n 2 is represented 
by the following configuration of Am- 

( {p,t + n 1 + n 2 ), (T, t + n 1 )...(T,t+ 1)(_L, t) ) 

for an arbitrary t £ Q chosen nondeterministically by Am in 
the beginning of the simulation. The simulation assumes that 
the time values stored in consecutive stack symbols increase by 
1, thus a push operation needs to see the current top-most stack 
symbol. Then increment (resp. decrement) of the first counter 
is simulated by a simultaneous push (resp. pop), and increment 
(resp. decrement) of the state by 1, e.g.: if M increments the 
first counter and changes state from p to p', the PDA has the 
following transition rule (inci is an input letter): 

(T , u), inci, (p',t + 1), (T, u + 1)(T, u)). 


Operations on the second counter are performed exclusively 
on the time value stored in the state. Zero test m = 0 of the 
first counter is done by checking if the top-most stack symbol 
is (JL,£) for an arbitrary t £ Q; while zero test ?r 2 = 0 of the 
second counter is done by an equality test t = u of the time 
values stored in the state and in the top-most symbol. 

Am accepts if M halts from the control state p. Thus the 
language L(Am) is non-empty iff M halts. ■ 

Lemma IV.2. The untiming of a timed register context-free 
language is effectively context-free. 


Proof: Let Q be a trCFG with transition relation p, 
recognizing a timed language L. We show the untiming of 
L can be recognized by a CFG Q' of size exponential in Q. 
Enumerate all orbits O of .S'; this can be done effectively by 


Corollary III.3 Q’ will have a non-terminal Xq for every orbit 
O of S. For every non-terminals Xq. Xo 1 , ■ ■ ■, Xo n and for 
every orbit P of A e , a production 

(X 0 , P, X 0l , • • • , X 0n ) 

is included in Q' whenever 3x £ 0,a £ P,x\ £ 

Oi ,..., x n £ O n ■ p(x, a,x i,..., x n ) holds. The latter condi¬ 
tion can be checked in EXPTIME, similarly like in the proof 


of Lemma III.2 Then Q recognizes a timed word if, and only 
if, Q' recognizes its untiming. ■ 


Theorem IY.3. Non-emptiness problem of trCFG is 
ExpTim e-complete. 


Proof: The EXPTIME upper-bound follows immediately 
from Lemma |IV.2| From a trCFG Q recognizing a timed 
language L, we derive an exponentially larger context-free 
grammar Q' recognizing the untiming of L, for which non¬ 
emptiness is decidable in PTIME. Correctness follows since 
L is non-empty if, and only if, its untiming is non-empty. 

For the lower-bound, we reduce from the non-emptiness 
problem of the intersection of the languages recognized by 
n (untimed) NFAs A\. ... ,A„ and a (untimed) CFG Q. (A 
similar reduction from this same problem was used in (5 j to 
show EXPTIME-hardness of dtPDA). It is folklore that the 
latter problem is EXPTIME-hard; this can be shown by a direct 
reduction from linearly bounded alternating Turing machines. 


We adapt the textbook construction for intersection of a 
regular language and a context-free one 03 in order to 
define a timed register context-free grammar Q'. We use timed 
registers to succinctly represent control states of the NFAs 
Afs. Let Pi be the set of control states of Ai- For simplicity, 
we assume that P t = {1,... ,k}, that 1 is the unique initial 
state of each NFA, and that 2 is the unique final state of 
each NFA. A tuple of states of NFAs may be encoded as 
r £ {1,..., k} n . We write r r' if for every i, the pair of 
states at coordinate i in r and r', is related in the automaton 
Ai by an a-labelled transition. We will represent a pair of 
such tuples (r, r') £ {1,..., k} 2n as an orbit in Q 2n+1 ; one 
additional component will serve as reference point, and the 
others will be interpreted as the difference w.r.t. the reference 
point. Thus, we encode (r, r') as the following orbit O r y in 
Q 2 " +1 : 

O r , r > = (J (t,r + t,r' + t). 

te® 

Let symbols S' of Q' be 

S' = Sx O r y 

for S the symbols of Q. Thus symbols in S' are of the form 

(X,t,r + t,r' +1). 

Notice that S' is orbit-finite. From the initial symbols, Q' goes 
to one of the symbols 

(Ag, t, 1 + t, 2 + t), for t £ Q, 

where A’q is the initial symbol of Q, and 1, 2 are constant 
tuples. Assume for simplicity that Q is in Chomsky normal 
form. For every production X —► a in Q, the grammar Q’ 
has productions 

(A', t, r +1, r' +1) —> a 

for every t £ Q, whenever r r'. Moreover, for every 

production X —► YZ of Q. the grammar Q' has productions 

(A, t,r + t,r'+t) —y (Y,t,r + t, r" +1) ( Z , t , r" +1, r' +t), 

for every t £ Q and for every three tuples r, r', r". 

The productions above are definable with (only equality) 
constraints of polynomial size. It is an easy exercise to check 
that the grammar Q’ recognizes the same language as the 
intersection of languages of Ai,... ,A n and Q. ■ 

Lemma IV.4. An orbit-finite trPDA can be transformed into a 
language-equivalent trPDA in short form 0 of polynomially 
larger size. 

Proof: Let A be an orbit-finite trPDA. We define an orbit- 
finite trPDA B in short form recognizing the same language. 
Intuitively, B keeps in the state a prefix of the stack long 
enough to apply rules of A without directly looking at the 
stack. Thus, states in B are pairs ( q , v) where v £ S* is 
a prefix of a Ihs/rhs of a rule of A. Since projection and 
finite union preserve orbit-finiteness, B has an orbit-finite set 






of states. By Lemma III.4| the set is definable and effectively 
computable. For every rule (q, v, a, q', v') in A there exists 
a rule NOP((g, v), a, (q', v')) in B. Moreover, for every state 
( q,vs ) in B, there exist rules POP((g, v), s, e, (q, vs)) and 
PUSH((g, vs), e, (q, v), s) in order to load/unload the local 
buffer of B. The language is preserved by this transformation, 
and the size of B in short form grows only polynomially with 
respect to the size of A. ■ 

Lemma C.l. Non-emptiness of trPDA with timeless stack is 
ExpT ime-hard. 


Proof: As in |5J (cf. Theorem IV.3i, we reduce from the 
non-emptiness problem of the intersection of the languages 
recognized by n NFAs Ai ,... ,A n and a PDA B. This time, 
timed registers in the state are used to simulate the control 
states of the NFAs and the PDA, while the untimed pushdown 
simulates the pushdown of the PDA. We omit the details since 


they are very similar to Theorem IV. 3 


Appendix D 

Proofs missing in Sec.IVI 
A. Systems of equations 

Lemma V.2. The non-emptiness and membership problems of 
systems of equations are both NP-complete. The membership 
problem is NP-hard already for intersection-free systems. 


Proof: NP-hardness of the membership problem follows 
from [161, where 
when 


it is shown that membership is already 
restricted to intersection-free systems with 


NP-hard 

only non-negative constants {0,1}. Moreover, the membership 
problem for k £ Z in X easily reduces in polynomial time to 
non-emptiness (by using intersection): it suffices to introduce 
a new variable X' and a new inclusion X' 2 X Hi { k }. Then X 
contains k in the old system if, and only if, X' is non-empty 
in the new system. The former inclusion can be simulated with 
only constants {0,1} by looking at the binary representation 
of k and by introducing polynomially many new variables and 
inclusions. Thus, NP-hardness of the non-emptiness problem 
follows from NP-hardness of membership. 

It remains to show an NP upper bound for the non-emptiness 
problem. The procedure guesses in advance a sequence of 
inclusions 


• the language over {—1,0,1} containing words with the 
same number of —l’s and l’s. 

The non-emptiness of the intersection can be checked in NP 
by Kopczyriski and To ED- 

It remains to argue for correctness. Let v be the least 
solution for A, and, for every i, let v, be the least solution for 
the guessed A*. By construction we have v\ C v 2 C • • • C 
z/ n C v, therefore a right guess yields the correct answer. On 
the other side, suppose k £ v{X) for some k £ Z, and let t be 
a derivation of this fact constructed according to the following 
rules: 


for every X 2 {A:} 
for every XDFfl{0} 

for every X D Y + Z 

The derivation is finite since we are considering least solutions. 
Given t, let to, ft, ■ ■ ■, t n be all sub-derivations (subtrees) of t 
s.t. t, proves a goal of the form 0 £ Y i+1 . We further assume 
that ti is not a subtree of any previous t 3 with 1 < 3 < 
i. The derivation ti can be used to show that 0 belongs to 
Ui(Yi + 1 ). Thus, the algorithm correctly guesses and verifies 

xlA-rUo)..tf 2 Y„n{0}. 

B. Proof of Decomposition Lemma 

Lemma V.8 (Decomposition Lemma). For a definable subset 
X C Q 2 , its inverse image decomposes into a finite union of 
sets of the form 

M x i, 

where o is an orbit in Q, and I C Z is one of 

Z< m = {z : z < to}, {to}, Z >m = {z: z> to}, 

for to £ Z. A decomposition of X is computable in ExpTime. 

Proof: The proof proceeds similarly as the proof of the 
Normal Form Lemma. Consider the set of pairs of states 
extended with reference points (cf. Sec. |V-B[ ): 

X = |(g • t,q ■ t') £ Q 2 | (q,q) £ X, t,t' £ Q j ■ 


k £ X 

0 £ Y 
0 £ A 

k £ Y l £ Z 
k + l £ X 


x 1 2 Yin{0}, ..., x n 2 Y n n{ 0} 


from A, and then checks correctness of the guess by invoking 
membership tests. Let A' be obtained from A by removing 
all inclusions that use intersection. For every 0 < i < n, let 
A i be A' with the inclusions Xi 2 {0},..., 2 {0}. The 

procedure checks that 0 is in the least solution for i} +1 in 
A^ Each of these checks can be done in NP, as they reduce 
to non-emptiness of the intersection of the Parikh images of 
two context-free languages: 


the language of a context-free grammar over {—1,0,1} 
obtained from A* by replacing addition with concatena¬ 
tion (as in the proof of Lemma V. 1 1 , and 


The set X is definable. As in the proof of the Normal Form 
Lemma, we decompose X into a finite union of orbits, and K- 
extensions of orbits O, for a sufficiently large positive integer 
K, namely greater than the largest span of a state from Q. 
Thus a state admits no gap K or larger, and therefore a gap K 
may only be caused by a large distance between the reference 
points of two states. 

Consider only those orbits OCX where the difference of 
reference points is an integer (the property is an invariant of 
an orbit); call these orbits integer-difference orbits. 

Every integer-difference orbit O uniquely determines a pair 

(o,z 0 ), (14) 














for o an orbit in Q and zq £ Z the difference of reference 
points, with —2 • K < zo < 2 ■ K. Furthermore, consider 
I\ -extension of an integer-difference orbit (). The integer- 
difference orbits included in the K -extension jointly determine 
one of the two sets, 

•jo} x Z> 20 or {o} x Z< 20 . (15) 

Therefore, the decomposition of the inverse image of X 
contains singletons of all pairs listed in ( fl4| ), and the sets listed 
in ( fl5| ). ■ 


